JBP-42 - JBX Bug Bounty

Author:

@Mr. Goldstein

Proposal date:

December 4, 2021

Provide a comprehensive, 1-2 sentence summary of your proposal.

Start the development of a bug bounty program on https://immunefi.com/explore/ to increase protocol security, decrease bugs, and reduce chances of exploits Current program should apply only for V1 and V1.1. V2.0 bug bounty program should start only after the protocol audit. Allocate 50 ETH (<1%) of the treasury towards potential payouts. Detailed bounties will be designed upon the initial program approval and proposed within 2 governance cycles.

What is the goal of this proposal?

Start a new bug bounty program. All bounties values will be represented in USD and scaled based on the Immunefi severity Classification System.

What is the process being addressed?

Code security.

What is the current inefficiency in the process that this proposal seeks to fix?

Currently there is no formal bug bounty program. With over $80M residing in the JBX Smart Contracts, if a bug is found it is likely to get exploited. Formalizing a program will help improve the Smart Contract security through independent researcher validation.

What are the changes to the process being proposed?

No changes, additional work is required to create and track the program.

What are the potential risks and tradeoffs of this proposal that we should monitor over time?

Adding a bug bounty program increases protocol visibility with the researcher community.

Sponsors:

See This Proposal on IPFS: https://gateway.pinata.cloud/ipfs/QmVXAcXENaACCwXzgnNS9k89jedfA5Yvs4VEkF7bx1meWP

Link to Discussion Thread: https://discord.com/channels/775859454780244028/919813435821293569/921823521708064848

Link to Proposal on Notion: https://www.notion.so/juicebox/JBX-Bug-Bounty-18cf1b7d1c8c426fa0753163f59adbc4